Editor's News

Neiman Marcus President and CEO Karen Katz has formally apologised in a letter to customers.   Saying that the group deeply regrets the incident and it was “very sorry that some of our customers' payment cards were used fraudulently” and that it “remains steadfast in our commitment to delivering exceptional customer service”.   Its continuing forensic investigation found the intrusion on the 1st January after it was informed of potentially unauthorised payment card activity which...

Malware named “Black POS” was not flagged by more than 40 commercial anti-virus tools, explaining why it was able to infect Target’s point of sale system.   According to security blogger Brian Krebs, a source said that the POS malware was installed in Target’s environment around November 27th, and it was customised to avoid detection and for use in specific environments.   He said: “That source and one other involved in the investigation who also...

Target CEO Gregg Steinhafel has admitted that there was malware on its point-of-sale (PoS) systems.   In an interview with CNBC, Steinhafel said that while it did not know the full extent of what transpired, it had established the malicious compromise. According to Sophos’ Naked Security blog, credit card data is not encrypted all of the time, even on PCI-DSS compliant systems, instead it is briefly unencrypted inside the PoS terminal itself.   Writing on...

Microsoft released its lightest patch bundle in over a year last night, addressing four important issues in Windows, Office, and Dynamics AX.   Despite only being rated as important, Microsoft rated MS14-002 as the priority, as this addresses a publicly known issue in the Windows Kernel.   Ross Barrett, senior manager of security engineering at Rapid7, said: “MS14-002, addresses the somewhat awaited kernel elevation of privilege issues known as CVE-2013-5065, which was reported and disclosed back...

As the holiday season produces massive volumes of data on consumer spending trends, the global information experts at the NPD Group are benefitting from unprecedented transparency into data access and usage.   The reason is technology from Varonis Systems, a provider of software solutions for unstructured, human-generated enterprise data. The NPD Group relies on Varonis DatAdvantage to monitor, analyse and manage who has access to the company’s valuable data, and to successfully limit security exposure, meet...

The UK Government has launched the ‘Cyber Streetwise’ campaign in an aim to provide the public and businesses with the skills and knowledge they need to take control of their cyber security.   Described as an aim to “measurably and significantly improve the online safety behaviour and confidence of consumers and small businesses”, Cyber Streetwise is an interactive website explaining how businesses can enhance security. Included is guidance on securing websites, shopping safely online and...

OWASP has admitted that it could not “sit by idly and zip our mouths shut” and opted for the decision to pull out of a marketing agreement with RSA Conference.   Speaking to IT Security Guru, OWASP board member Eoin Keary said that the decision was not taken lightly and after five days of “heated debate”, the view was that the benefit to people attending the classes and the association and involvement that OWASP had...

Security vendors have been accused of being too “myopically focussed” on their own solutions, when they should have a wider perspective on what IT managers need. Barmak Meftah, president and CEO of AlienVault, told IT Security Guru that vendors should “put themselves in the shoes of IT” and look to simplify solutions to make them consumable and usable. “This is a simple mission to make security analytics easy to digest,” he said. “Too many companies...

Microsoft has had a further two Twitter accounts hacked by the Syrian Electronic Army.   After the hacktivists hit the account of Skype last week and posted anti-Government and anti-Microsoft comments, now the Twitter accounts of the gaming console Xbox and its own news feed have been taken over.   Attackers took over the @MSFTnews and @XboxSupport accounts on Saturday and posted various messages hash-tagged “SEA”, according to the Register. Although the messages are no...

The United States is to reintroduce the Personal Data Privacy and Security Act   After a series of data breaches, including the 70 million records breached by Target, senator Patrick Leahy said that such breaches are “a reminder that developing a comprehensive national strategy to protect data privacy and cyber security remains one of the most challenging and important issues facing our nation”.   He said in a statement that the reintroduction of the Personal Data...